From 1f6932ad2c69266f6e1a1bbc22ae9dc6d673ef3c Mon Sep 17 00:00:00 2001 From: Momo Date: Tue, 9 Aug 2011 03:21:58 +0200 Subject: initial commit --- filebitch/COPYING | 14 ++++++++++++++ filebitch/README | 12 ++++++++++++ filebitch/connect_narf.pl | 15 +++++++++++++++ 3 files changed, 41 insertions(+) create mode 100644 filebitch/COPYING create mode 100644 filebitch/README create mode 100644 filebitch/connect_narf.pl (limited to 'filebitch') diff --git a/filebitch/COPYING b/filebitch/COPYING new file mode 100644 index 00000000..65d1a2e9 --- /dev/null +++ b/filebitch/COPYING @@ -0,0 +1,14 @@ + DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE + Version 2, December 2004 + + Copyright (C) 2004 Sam Hocevar + + Everyone is permitted to copy and distribute verbatim or modified + copies of this license document, and changing it is allowed as long + as the name is changed. + + DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE + TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + + 0. You just DO WHAT THE FUCK YOU WANT TO. + diff --git a/filebitch/README b/filebitch/README new file mode 100644 index 00000000..177bb374 --- /dev/null +++ b/filebitch/README @@ -0,0 +1,12 @@ +The connec_sh script morses the IP + "connected" when a user connects to filebitchs proftpd server. +It will hopefully drive someone crazy. + +To make it run you need to add some lines to your proftpd config. +I decided not to let Krebs do this as I didn't want to break your FTP Server (I know FTP is broken by default). +The 5 necessary lines are: +ExtendedLog /var/log/proftpd/ftp_auth.log AUTH auth + + ExecEngine on + ExecOnConnect "/krebs/filebitch/connect_narf.pl" + + diff --git a/filebitch/connect_narf.pl b/filebitch/connect_narf.pl new file mode 100644 index 00000000..87a521ed --- /dev/null +++ b/filebitch/connect_narf.pl @@ -0,0 +1,15 @@ +#!/usr/bin/perl +#Please add the following to your proftpd config file +#ExtendedLog /var/log/proftpd/ftp_auth.log AUTH auth +#and +# +# ExecEngine on +# ExecOnConnect "/krebs/filebitch/connect_narf.pl" +# + +$ip = system("tail -n 1 /var/log/proftpd/ftp_auth.log"); +#I'm very sorry for this regex, but i only wanted it to get _real_ IPv4 Adresses of the log file, not any kind of timestamp bullshit +$ip =~ s/\b(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b//g; +#getting some guys sitting next to the Server pissed :) +system("morse -l 42 -f 2000 $ip"); +system("morse -l 42 -f 3000 connected"); -- cgit v1.2.3 From 81368a802310eb978756a16ba1e15b7c40e627d6 Mon Sep 17 00:00:00 2001 From: root Date: Wed, 10 Aug 2011 21:26:16 +0200 Subject: filebitch/connect_narf: s/morse/beep/ --- filebitch/connect_narf.pl | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) mode change 100644 => 100755 filebitch/connect_narf.pl (limited to 'filebitch') diff --git a/filebitch/connect_narf.pl b/filebitch/connect_narf.pl old mode 100644 new mode 100755 index 87a521ed..20fc3e50 --- a/filebitch/connect_narf.pl +++ b/filebitch/connect_narf.pl @@ -7,9 +7,9 @@ # ExecOnConnect "/krebs/filebitch/connect_narf.pl" # -$ip = system("tail -n 1 /var/log/proftpd/ftp_auth.log"); +#$ip = system("tail -n 1 /var/log/proftpd/ftp_auth.log"); #I'm very sorry for this regex, but i only wanted it to get _real_ IPv4 Adresses of the log file, not any kind of timestamp bullshit -$ip =~ s/\b(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b//g; +#$ip =~ s/\b(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b//g; #getting some guys sitting next to the Server pissed :) -system("morse -l 42 -f 2000 $ip"); -system("morse -l 42 -f 3000 connected"); +my $ip = "USER"; +system("beep -l 100 -f 1000 -n -r 3 -d 10 -l 50 -f 3000"); -- cgit v1.2.3 From 798559fd2fe16a936f6f7b404bb24c07eff3a330 Mon Sep 17 00:00:00 2001 From: root Date: Wed, 10 Aug 2011 21:34:14 +0200 Subject: initial commit --- filebitch/disconnect_narf.pl | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100755 filebitch/disconnect_narf.pl (limited to 'filebitch') diff --git a/filebitch/disconnect_narf.pl b/filebitch/disconnect_narf.pl new file mode 100755 index 00000000..20fc3e50 --- /dev/null +++ b/filebitch/disconnect_narf.pl @@ -0,0 +1,15 @@ +#!/usr/bin/perl +#Please add the following to your proftpd config file +#ExtendedLog /var/log/proftpd/ftp_auth.log AUTH auth +#and +# +# ExecEngine on +# ExecOnConnect "/krebs/filebitch/connect_narf.pl" +# + +#$ip = system("tail -n 1 /var/log/proftpd/ftp_auth.log"); +#I'm very sorry for this regex, but i only wanted it to get _real_ IPv4 Adresses of the log file, not any kind of timestamp bullshit +#$ip =~ s/\b(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b//g; +#getting some guys sitting next to the Server pissed :) +my $ip = "USER"; +system("beep -l 100 -f 1000 -n -r 3 -d 10 -l 50 -f 3000"); -- cgit v1.2.3 From e3551b11b5f135f89cb7535df95ba2a6e190e24c Mon Sep 17 00:00:00 2001 From: root Date: Wed, 10 Aug 2011 21:35:42 +0200 Subject: fixed some shit --- filebitch/disconnect_narf.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'filebitch') diff --git a/filebitch/disconnect_narf.pl b/filebitch/disconnect_narf.pl index 20fc3e50..fdda6bac 100755 --- a/filebitch/disconnect_narf.pl +++ b/filebitch/disconnect_narf.pl @@ -4,7 +4,7 @@ #and # # ExecEngine on -# ExecOnConnect "/krebs/filebitch/connect_narf.pl" +# ExecOnExit "/krebs/filebitch/disconnect_narf.pl" # #$ip = system("tail -n 1 /var/log/proftpd/ftp_auth.log"); -- cgit v1.2.3 From fb9299a3beca88bf7c107a4ce8a30995554323e9 Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 10 Aug 2011 21:36:36 +0200 Subject: filebitch/connect_narf: 2337 is the good sound --- filebitch/connect_narf.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'filebitch') diff --git a/filebitch/connect_narf.pl b/filebitch/connect_narf.pl index 20fc3e50..b1fec004 100755 --- a/filebitch/connect_narf.pl +++ b/filebitch/connect_narf.pl @@ -12,4 +12,4 @@ #$ip =~ s/\b(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b//g; #getting some guys sitting next to the Server pissed :) my $ip = "USER"; -system("beep -l 100 -f 1000 -n -r 3 -d 10 -l 50 -f 3000"); +system("beep -l 42 -f 2000 -D 42 -n -l 42 -f 2337"); -- cgit v1.2.3 From 42e679dc0441b5dfc777444d00fb231d8741bcb3 Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 10 Aug 2011 21:38:57 +0200 Subject: filebitch/disconnect_narf: 2000, 1000 is the sad sound --- filebitch/disconnect_narf.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'filebitch') diff --git a/filebitch/disconnect_narf.pl b/filebitch/disconnect_narf.pl index 20fc3e50..0a1deabb 100755 --- a/filebitch/disconnect_narf.pl +++ b/filebitch/disconnect_narf.pl @@ -12,4 +12,4 @@ #$ip =~ s/\b(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b//g; #getting some guys sitting next to the Server pissed :) my $ip = "USER"; -system("beep -l 100 -f 1000 -n -r 3 -d 10 -l 50 -f 3000"); +system("beep -l 42 -f 2000 -D 42 -n -l 42 -f 1000"); -- cgit v1.2.3 From 1addb5bd958752b61386f3d23f9be319808f7f92 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 11 Aug 2011 14:03:06 +0200 Subject: filebitch/connect_narf: use the more quiet -f 3337 --- filebitch/connect_narf.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'filebitch') diff --git a/filebitch/connect_narf.pl b/filebitch/connect_narf.pl index b1fec004..fd2742dc 100755 --- a/filebitch/connect_narf.pl +++ b/filebitch/connect_narf.pl @@ -12,4 +12,4 @@ #$ip =~ s/\b(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b//g; #getting some guys sitting next to the Server pissed :) my $ip = "USER"; -system("beep -l 42 -f 2000 -D 42 -n -l 42 -f 2337"); +system("beep -l 42 -f 2000 -D 42 -n -l 42 -f 3337"); -- cgit v1.2.3 From 6afd4823788738dc15835a30339c7f588abaedf2 Mon Sep 17 00:00:00 2001 From: Momo Date: Tue, 16 Aug 2011 22:14:19 +0200 Subject: Added IP f00 --- filebitch/connect_narf.pl | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) (limited to 'filebitch') diff --git a/filebitch/connect_narf.pl b/filebitch/connect_narf.pl index fd2742dc..97cc7750 100755 --- a/filebitch/connect_narf.pl +++ b/filebitch/connect_narf.pl @@ -4,12 +4,15 @@ #and # # ExecEngine on -# ExecOnConnect "/krebs/filebitch/connect_narf.pl" +# ExecOnConnect "/krebs/filebitch/connect_narf.pli %a" # -#$ip = system("tail -n 1 /var/log/proftpd/ftp_auth.log"); +$ip = $ARGV[0]; #I'm very sorry for this regex, but i only wanted it to get _real_ IPv4 Adresses of the log file, not any kind of timestamp bullshit -#$ip =~ s/\b(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b//g; +$ip =~ s/\b(25[0-5]|2[0-4][0-9]|[1]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[1]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[1]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[1]?[0-9][0-9]?)\b//g; #getting some guys sitting next to the Server pissed :) -my $ip = "USER"; -system("beep -l 42 -f 2000 -D 42 -n -l 42 -f 3337"); +system("morse -l 42 -f 2000 $ip"); +system("morse -l 42 -f 3000 \"connected\""); + +# my $ip = "USER"; +# system("beep -l 42 -f 2000 -D 42 -n -l 42 -f 3337"); -- cgit v1.2.3 From ff4808b6b9a7ab1dc6711c01e3c385eda78a241d Mon Sep 17 00:00:00 2001 From: Momo Date: Thu, 18 Aug 2011 04:17:17 +0200 Subject: Fixed the READMES and disconnect_narf.pl --- filebitch/README | 8 +++++--- filebitch/connect_narf.pl | 2 +- filebitch/disconnect_narf.pl | 15 ++++++++------- 3 files changed, 14 insertions(+), 11 deletions(-) (limited to 'filebitch') diff --git a/filebitch/README b/filebitch/README index 177bb374..5ae3a666 100644 --- a/filebitch/README +++ b/filebitch/README @@ -1,12 +1,14 @@ -The connec_sh script morses the IP + "connected" when a user connects to filebitchs proftpd server. +The connect_narf.pl script morses the IP + "connected" when a user connects to filebitchs proftpd server. +The disconnect_narf.pl scritp will do the obvious opposite. It will hopefully drive someone crazy. To make it run you need to add some lines to your proftpd config. I decided not to let Krebs do this as I didn't want to break your FTP Server (I know FTP is broken by default). The 5 necessary lines are: -ExtendedLog /var/log/proftpd/ftp_auth.log AUTH auth + ExecEngine on - ExecOnConnect "/krebs/filebitch/connect_narf.pl" + ExecOnConnect "/krebs/filebitch/connect_narf.pl %a" + ExecOnExit "/krebs/filebitch/disconnect_narf.pl %a" diff --git a/filebitch/connect_narf.pl b/filebitch/connect_narf.pl index 97cc7750..8e984150 100755 --- a/filebitch/connect_narf.pl +++ b/filebitch/connect_narf.pl @@ -14,5 +14,5 @@ $ip =~ s/\b(25[0-5]|2[0-4][0-9]|[1]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[1]?[0-9] system("morse -l 42 -f 2000 $ip"); system("morse -l 42 -f 3000 \"connected\""); -# my $ip = "USER"; +# Uncomment the beep below to play the enterprise connect sound # system("beep -l 42 -f 2000 -D 42 -n -l 42 -f 3337"); diff --git a/filebitch/disconnect_narf.pl b/filebitch/disconnect_narf.pl index af7bea6c..77fbf743 100755 --- a/filebitch/disconnect_narf.pl +++ b/filebitch/disconnect_narf.pl @@ -1,15 +1,16 @@ #!/usr/bin/perl #Please add the following to your proftpd config file -#ExtendedLog /var/log/proftpd/ftp_auth.log AUTH auth -#and # # ExecEngine on -# ExecOnExit "/krebs/filebitch/disconnect_narf.pl" +# ExecOnExit "/krebs/filebitch/connect_narf.pli %a" # -#$ip = system("tail -n 1 /var/log/proftpd/ftp_auth.log"); +$ip = $ARGV[0]; #I'm very sorry for this regex, but i only wanted it to get _real_ IPv4 Adresses of the log file, not any kind of timestamp bullshit -#$ip =~ s/\b(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b//g; +$ip =~ s/\b(25[0-5]|2[0-4][0-9]|[1]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[1]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[1]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[1]?[0-9][0-9]?)\b//g; #getting some guys sitting next to the Server pissed :) -my $ip = "USER"; -system("beep -l 42 -f 2000 -D 42 -n -l 42 -f 1000"); +system("morse -l 42 -f 2000 $ip"); +system("morse -l 42 -f 3000 \"disconnected\""); + +# Uncomment the beep below to play the enterprise connect sound +# system("beep -l 42 -f 2000 -D 42 -n -l 42 -f 3337"); -- cgit v1.2.3 From d5320bc34aece7e2fe9246f394be829ce954d4fd Mon Sep 17 00:00:00 2001 From: Momo Date: Thu, 1 Sep 2011 12:19:50 +0200 Subject: ignoring the monitoring server --- filebitch/connect_narf.pl | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'filebitch') diff --git a/filebitch/connect_narf.pl b/filebitch/connect_narf.pl index 8e984150..7c713d3b 100755 --- a/filebitch/connect_narf.pl +++ b/filebitch/connect_narf.pl @@ -10,9 +10,10 @@ $ip = $ARGV[0]; #I'm very sorry for this regex, but i only wanted it to get _real_ IPv4 Adresses of the log file, not any kind of timestamp bullshit $ip =~ s/\b(25[0-5]|2[0-4][0-9]|[1]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[1]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[1]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[1]?[0-9][0-9]?)\b//g; +if($ip ne "10.42.0.107"){ #getting some guys sitting next to the Server pissed :) -system("morse -l 42 -f 2000 $ip"); -system("morse -l 42 -f 3000 \"connected\""); - + system("morse -l 42 -f 2000 $ip"); + system("morse -l 42 -f 3000 \"connected\""); +} # Uncomment the beep below to play the enterprise connect sound # system("beep -l 42 -f 2000 -D 42 -n -l 42 -f 3337"); -- cgit v1.2.3 From 63df68949c64bf652c287bda51f7175c64776ad9 Mon Sep 17 00:00:00 2001 From: Momo Date: Thu, 1 Sep 2011 12:21:11 +0200 Subject: Adding TODO --- filebitch/TODO | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 filebitch/TODO (limited to 'filebitch') diff --git a/filebitch/TODO b/filebitch/TODO new file mode 100644 index 00000000..aa2af36a --- /dev/null +++ b/filebitch/TODO @@ -0,0 +1,2 @@ +Buid a blacklist so some IPs(e.g. monitoring servers) don't trigger a beep + -- cgit v1.2.3